- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
DETAILED ACTION



Response to Amendment 



This office action is in response to amendment filed on 2/26/04 (Paper No. 6). Original 
application contained Claims 1-26. Applicant cancelled Claims 12, 18, and 24, and amended 
Claims 1-4, 6, 10, 15, and 21. The amendment filed on 2/26/04 has been entered and made of
record. Therefore, presently pending claims are 1-11, 13-17, 19-23, and 25-26. 



Applicant's arguments filed 2/26/04 have been fully considered but they are not 
persuasive for the following reasons.

Regarding claim 1 applicant argued that applicant does not see anything that teaches an 
inspection module that provides inspection of packets for a firewall core. The examiner would 
like to clarify that the rules as shown in Fig. 2 perform the action of the inspection module of 
providing inspection of packets which is accomplished when the rule instructions perform a
rule action (column 4 line 41) as shown in column 4 lines 33-41 in the reference Dutta. The new 
modules (rules) may be downloaded from the library (column 5 lines 28-45) and are therefore 
loaded while the system is operating. 

Applicants clearly have failed to explicitly identify specific claim limitations, which would 
define a patentable distinction over the prior art.

Regarding claims 6, 10, 15, and 21, the examiner draws attention to the new grounds of 
rejection as shown below. 

The examiner is not trying to teach the invention but is merely trying to interpret the 
claim language in its broadest and reasonable meaning. The examiner will not interpret to read 
narrowly the claim language to read exactly from the specification, but will interpret the claim
language in the broadest reasonable interpretation in view of the specification. Therefore, the 
examiner asserts that the prior art does teach or suggest the subject matter broadly recited in 
independent Claims 1, 6, 10, 15, and 21. Dependent Claims 2-5, 7-9, 11, 13-14, 16-17, 19-20,
22-23, and 25-26 are also rejected at least by virtue of their dependency on independent claims
and for other reasons set forth in this office action (Paper No. 7). Accordingly, rejections for
claims 1-11, 13-17, 19-23, and 25-26 are respectfully maintained. 

Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-5 are rejected under 35 U.S.C. 102(e) as being anticipated by Dutta (U.S.
Patent 6,574,666 B1).

In reference to claim 1, Dutta suggests a firewall device having a plurality of
communication interfaces, a firewall system comprising: a) a firewall core connected to each 
said communication interface (column 4 lines 63-66); and b) at least one inspection module 
coupled for communication to said firewall core, said inspection module configured to provide
protocol inspection of data packets to said firewall core (column 5 lines 1-12), said firewall core 
configured to receive data packets from said interfaces and communicate said packets to said 
inspection module for inspection, said inspection module is further configured to be installed 
during the operation of the firewall system (column 3 lines 14-30). The rules as shown in Fig. 2 
perform the action of the inspection module of providing inspection of packets which is 
accomplished when the rule instructions perform a rule action (column 4 line 41) as shown in
column 4 lines 33-41 in the reference Dutta. The new modules (rules) may be downloaded from 
the library (column 5 lines 28-45) and are therefore loaded while the system is operating. 

In reference to claim 2, wherein said inspection module is installed into a memory space 
monitored by said firewall core (Dutta column 4 lines 41-62). 

In reference to claim 3, wherein said inspection module further comprises callback 
functions, said functions communicated to said firewall core and providing communication 
between said firewall core and said inspection module. The use of callback functions is an 
inherent method of defining functions for efficient communication between two systems. The 
systems in this case are the firewall processor and the fetch processor (Dutta column 4 lines 41- 
50). 

In reference to claim 4, wherein said inspection module is further configured to indicate 
to said firewall core for which data packets said inspection module is configured to provide 
inspection (Dutta column 4 line 66 to column 5 line 12). 

In reference to claim 5, wherein said data packets intercepted by said firewall core further 
includes session information comprising address and port data, said firewall core further 
configured to map said session information to corresponding inspection modules (Dutta column
2 line 60 to column 3 line 5 in combination with column 4 lines 32-50). Packet Filter Router 
rules are based on address and port information, therefore, the address and port information 
obviously must be contained within the packets. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 6-9, 10-11, 13-17, 19-23, and 25-26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Dutta in view of Kullick et al (5,732,275). 

In reference to claim 6, Dutta suggests a firewall device having a plurality of 
communication interfaces, a firewall core configured to be coupled to at least one inspection 
module, said firewall core comprising: a) a communication unit operatively coupled to the 
communication interfaces (column 4 lines 63-66); and b) a set of callback functions, retrieved 
from said inspection module, each said function providing communication between said firewall 
core and said inspection module. The use of callback functions is an inherent method of efficient 
communication between two different systems; the systems in this case are the firewall processor 
and the fetch processor (column 4 lines 41-50). 

Dutta does not expressly disclose a system wherein the firewall core is configured to 
monitor a memory to determine when a new inspection module is loaded into said memory.

However, Kullick discloses a method of automatically managing, monitoring and
updating a software program. The application management program checks whether a
new version of the program is currently stored on server memory in a section designated a drop
box (column 5 lines 50-67).

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the management program of Kullick to find a new version of the rules in the
firewall of Dutta. One of ordinary skill in the art would have been motivated to do this because 
this would enable the firewall to keep the rules constantly updated. 

In reference to claim 10, Dutta suggests a firewall device having a plurality of 
communication interfaces and a firewall core coupled to the communication interfaces, an 
inspection module configured to couple with the firewall core, said inspection module
comprising: a) an inspection unit configured to inspect and authorize data packets (column 5 
lines 1-12); and b) a function table having a set of callback functions each said function 
providing communication between said firewall core and said inspection module. A function 
table is an obvious method for an operating system to implement call back functions for 
communication between two systems, which in this case would be the firewall instruction 
processor and the fetching instruction processor (column 4 lines 42-46). 

Dutta does not expressly disclose a system wherein the firewall core is configured to 
monitor a memory to determine when a new inspection module is loaded into said memory. 

However, Kullick discloses a method of automatically managing, monitoring and
updating a software program. The application management program checks whether a
new version of the program is currently stored on server memory in a section designated a drop
box (column 5 lines 50-67).

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the management program of Kullick to find a new version of the rules in the
firewall of Dutta. One of ordinary skill in the art would have been motivated to do this because 
this would enable the firewall to keep the rules constantly updated. 

In reference to claims 15 and 21, Dutta suggests a firewall device having a firewall 
system including a firewall core, a method for adding protocol knowledge to the firewall system 
during runtime comprising: a) loading an inspection module comprising new protocol inspection 
knowledge and a function table having a set of callback functions (column 3 lines 14-25); b)
notifying the firewall core of said inspection module (column 3 lines 26-33); and c) 
communicating said set of callback functions to said firewall core. The use of callback functions 
is an inherent method of efficient communication between two different systems, in this case the 
systems are the firewall processor and the fetch processor (column 4 lines 41-50). 

Dutta does not expressly disclose a system wherein the firewall core is configured to 
monitor a memory to determine when a new inspection module is loaded into said memory. 

However, Kullick discloses a method of automatically managing, monitoring and
updating a software program. The application management program checks whether a
new version of the program is currently stored on server memory in a section designated a drop
box (column 5 lines 50-67).

At the time the invention was made, it would have been obvious to a person of ordinary skill in 
the art to use the management program of Kullick to find a new version of the rules in the firewall
of Dutta. One of ordinary skill in the art would have been motivated to do this because this
would enable the firewall to keep the rules constantly updated. 

In reference to claim 7, wherein said communication unit is further configured to 
intercept network data communicated via said network interfaces (Dutta column 3 lines 46-65). 

In reference to claim 8, further comprising a session mapping unit, said data packets
intercepted by said firewall core further including session information comprising address and 
port data, said firewall core further configured to map said session information to corresponding 
inspection modules into a session mapping and store said session mapping into said session 
mapping unit (Dutta column 2 line 60 to column 3 line 5 in combination with column 4 lines 32- 
50). Packet Filter Router rules are based on address and port information, therefore, the address 
and port information obviously must be contained within the packets. 

In reference to claim 9, wherein said communication unit is further configured to 
communicate packets between said communication interfaces and said inspection module for 
inspection (Dutta column 4 line 63 to column 5 line 12). 

In reference to claim 11, wherein said inspection unit is further configured to be installed
during the operation of the firewall core. The rules retrieved by the filter processor to update the 
filter processor are retrieved during the operation of the filter processor. 

In reference to claim 13, the firewall system of claim 1, wherein said inspection module
is further configured to indicate to said firewall core for which data packets said inspection 
module is configured to provide inspection (Dutta column 5 lines 1-12). 

In reference to claim 14, wherein said inspection unit is further configured to receive and
inspect packets communicated from the firewall core (Dutta column 5 lines 5-12).

In reference to claims 16 and 22, further comprising enabling said inspection module,
prior to communicating said set of callback function to said firewall core. The new information 
is used to filter packets therefore the new rules, provided by the filter processor, are in an 
enabled state similar to the state of the inspection module. 

In reference to claims 17 and 23, further comprising inspecting of packets by said
inspection module, said packets communicated from the firewall core to said inspection module 
(Dutta column 5 lines 1-12). 

In reference to claims 19 and 25, wherein said notifying the firewall core comprises
transmitting a signal to the firewall core to indicate the installation of said inspection module 
(Dutta column 3 lines 25-32). 

In reference to claims 20 and 26, further comprising indicating by said inspection module
for which data packets said inspection module provides inspection (Dutta column 5 lines 1-12). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a).
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W Klimach whose telephone number is (703) 305-8421. 
The examiner can normally be reached on Mon to Thr 9:30 a.m. to 5:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu, can be reached on (703) 305-4393. The fax phone number for the
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



PWK 

Monday, May 10, 2004 